gnu: gajim: Add python2-axolotl to inputs.
[jackhill/guix/guix.git] / gnu / system / install.scm
fc91c17a 1;;; GNU Guix --- Functional package management for GNU
239c2266 2;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
b2a5fa59 3;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
f0fbf2c1 4;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
c80cd4df 5;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
6;;;
7;;; This file is part of GNU Guix.
8;;;
9;;; GNU Guix is free software; you can redistribute it and/or modify it
10;;; under the terms of the GNU General Public License as published by
11;;; the Free Software Foundation; either version 3 of the License, or (at
12;;; your option) any later version.
13;;;
14;;; GNU Guix is distributed in the hope that it will be useful, but
15;;; WITHOUT ANY WARRANTY; without even the implied warranty of
16;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17;;; GNU General Public License for more details.
18;;;
19;;; You should have received a copy of the GNU General Public License
20;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
21
22(define-module (gnu system install)
23 #:use-module (gnu)
24 #:use-module (guix gexp)
e87f0591 25 #:use-module (guix store)
fc91c17a 26 #:use-module (guix monads)
83a17b62 27 #:use-module ((guix store) #:select (%store-prefix))
0190c1c0 28 #:use-module (gnu services shepherd)
c80cd4df 29 #:use-module (gnu services ssh)
db84467a 30 #:use-module (gnu packages admin)
f4bdfe73 31 #:use-module (gnu packages bash)
862e38d5 32 #:use-module (gnu packages bootloaders)
fc91c17a 33 #:use-module (gnu packages linux)
1e8d398a 34 #:use-module (gnu packages ssh)
b419c7f5 35 #:use-module (gnu packages cryptsetup)
fc91c17a 36 #:use-module (gnu packages package-management)
cc4a2aeb 37 #:use-module (gnu packages disk)
fc91c17a 38 #:use-module (gnu packages texinfo)
dd6b28d1 39 #:use-module (gnu packages compression)
a8cb87ab 40 #:use-module (gnu packages nvi)
41 #:use-module (ice-9 match)
42 #:use-module (srfi srfi-26)
239c2266 43 #:export (installation-os))
44
45;;; Commentary:
46;;;
47;;; This module provides an 'operating-system' definition for use on images
48;;; for USB sticks etc., for the installation of the GNU system.
49;;;
50;;; Code:
51
9d3fb6c7 52\f
(define (log-to-info)
  "Return a program that replaces itself with the Info reader, opened on the
\"System Installation\" node of the Guix manual."
  (program-file
   "log-to-info"
   #~(let ((reader (string-append #$info-reader "/bin/info"))
           (manual (string-append #$guix "/share/info/guix.info")))
       ;; 'gunzip' is needed to decompress the manual.  PATH is set to gzip's
       ;; bin directory and nothing else, so the reader resolves helpers only
       ;; from that store item.
       (setenv "PATH" (string-append #$gzip "/bin"))

       ;; 'execl' replaces this process; nothing after it runs on success.
       (execl reader "info"
              "-d" "/run/current-system/profile/share/info"
              "-f" manual
              "-n" "System Installation"))))
fc91c17a 65
;; Sub-directory of the installation target that backs the copy-on-write
;; store: 'make-cow-store' appends it to the target and uses the result as the
;; overlay's upper directory.
(define %backing-directory "/tmp/guix-inst")
69
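(define (make-cow-store target)
  "Return a gexp that makes the store copy-on-write, using TARGET as the
backing store. This is useful when TARGET is on a hard disk, whereas the
current store is on a RAM disk.

TARGET is spliced into the returned code with #$ everywhere it is used, so it
may be a string or a gexp that evaluates to the target's mount point. The
returned code bind-mounts TARGET/tmp over /tmp, mounts an overlay whose lower
layer is the current store and whose upper layer is TARGET followed by
%BACKING-DIRECTORY, and then moves that overlay onto the store."

  (define (set-store-permissions directory)
    ;; Return a gexp that gives DIRECTORY the ownership and mode used for a
    ;; store directory here: owner 0, group 30000, mode 1775 (sticky,
    ;; writable by owner and group only).
    #~(begin
        (chown #$directory 0 30000)     ;use the fixed 'guixbuild' GID
        (chmod #$directory #o1775)))

  #~(begin
      ;; Bind-mount TARGET's /tmp in case we need space to build things.
      (let ((tmpdir (string-append #$target "/tmp")))
        (mkdir-p tmpdir)
        (mount tmpdir "/tmp" "none" MS_BIND))

      ;; TARGET is inserted with #$ here too.  A bare 'target' would be a free
      ;; variable of the generated code and would resolve only when the caller
      ;; happens to splice this gexp inside a binding of that exact name.
      ;;
      ;; WORK-DIR resolves to TARGET/tmp/.overlayfs-workdir, next to RW-DIR.
      (let* ((rw-dir   (string-append #$target #$%backing-directory))
             (work-dir (string-append rw-dir "/../.overlayfs-workdir")))
        (mkdir-p rw-dir)
        (mkdir-p work-dir)
        (mkdir-p "/.rw-store")
        #$(set-store-permissions #~rw-dir)
        #$(set-store-permissions "/.rw-store")

        ;; Mount the overlay, then atomically make it the store.
        ;;
        ;; NOTE(review): RW-DIR and WORK-DIR go into the comma-separated
        ;; option string unescaped; a TARGET containing ',' would presumably
        ;; be split into separate overlay options.  Confirm that callers only
        ;; pass plain mount points such as "/mnt".
        (mount "none" "/.rw-store" "overlay" 0
               (string-append "lowerdir=" #$(%store-prefix) ","
                              "upperdir=" rw-dir ","
                              "workdir=" work-dir))
        (mount "/.rw-store" #$(%store-prefix) "" MS_MOVE)
        (rmdir "/.rw-store"))))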
83a17b62 102
(define cow-store-service-type
  ;; Shepherd service type for the copy-on-write store.  Its 'start' action
  ;; takes the installation target as its argument.
  (shepherd-service-type
   'cow-store
   (lambda _                            ;the service value is not used
     (shepherd-service
      (documentation
       "Make the store copy-on-write, with writes going to \
the given target.")
      (provision '(cow-store))
      (requirement '(root-file-system user-processes))

      ;; This is meant to be explicitly started by the user.
      (auto-start? #f)

      (start #~(case-lambda
                 ((target)
                  ;; Exactly one argument: set up the overlay and return
                  ;; TARGET as the service's value.
                  #$(make-cow-store #~target)
                  target)
                 (args
                  ;; Any other argument count: do nothing, and mark the
                  ;; service as stopped.
                  #f)))
      (stop #~(lambda (mount-point)
                ;; MOUNT-POINT is presumably the value 'start' returned, i.e.
                ;; the target.  Only the backing directory is deleted;
                ;; everything stays mounted because processes may still be
                ;; using it ('user-processes' doesn't depend on us).  The
                ;; 'user-unmount' service will unmount the target eventually.
                (delete-file-recursively
                 (string-append mount-point #$%backing-directory))))))))
131
(define (cow-store-service)
  "Return the service that makes the store copy-on-write, so that writes go to
the user's target storage device rather than to the RAM disk."
  ;; The initial report is at <http://bugs.gnu.org/18061>.
  (let ((unused-value 'mooooh!))        ;the service type ignores its value
    (service cow-store-service-type unused-value)))
137
138
(define (/etc/configuration-files _)
  "Return the list of entries to add to /etc: a single \"configuration\" entry
whose content is a directory holding the example configuration templates.  The
argument is ignored."
  (let* ((template
          ;; File-like object for the template NAME under \"examples/\".
          (lambda (name)
            (local-file (string-append "examples/" name))))
         (directory
          ;; Directory built by copying each template under its '.scm' name.
          (computed-file
           "configuration-templates"
           (with-imported-modules '((guix build utils))
             #~(begin
                 (mkdir #$output)
                 (for-each (lambda (source name)
                             (copy-file source
                                        (string-append #$output "/" name)))
                           '(#$(template "bare-bones.tmpl")
                             #$(template "desktop.tmpl")
                             #$(template "lightweight-desktop.tmpl"))
                           '("bare-bones.scm"
                             "desktop.scm"
                             "lightweight-desktop.scm"))
                 #t)))))
    (list (list "configuration" directory))))
163
(define configuration-template-service-type
  ;; Service type that does one thing: extend ETC-SERVICE-TYPE with the
  ;; entries returned by /etc/configuration-files.
  (let ((etc-extension (service-extension etc-service-type
                                          /etc/configuration-files)))
    (service-type
     (name 'configuration-template)
     (extensions (list etc-extension)))))
169
(define %configuration-template-service
  ;; The value #t is a placeholder: /etc/configuration-files ignores its
  ;; argument.
  (service configuration-template-service-type
           #t))
be1c2c54 172
1dac8566 173
(define %nscd-minimal-caches
  ;; Minimal in-memory caching policy for nscd: one cache, for 'hosts'.
  (let ((positive-ttl (* 12 3600))
        (size-limit   (* 5 (expt 2 20))))       ;5 MiB
    (list (nscd-cache
           (database 'hosts)
           (persistent? #f)
           (max-database-size size-limit)
           (positive-time-to-live positive-ttl)

           ;; Lookup failures are not cached at all: they are quite likely
           ;; (for instance when someone tries to ping a host before
           ;; networking is functional), and a cached failure would outlive
           ;; its cause.
           (negative-time-to-live 0)))))
186
(define %installation-services
  ;; List of services of the installation system.
  ;;
  ;; Access model as configured below: 'root' is logged in automatically on
  ;; tty1 and on tty3 to tty6, 'guest' is logged in automatically on tty2 with
  ;; the manual viewer as its login program, and an OpenSSH server accepts
  ;; password logins, root included.
  (let ((motd (plain-file "motd" "
Welcome to the installation of the Guix System Distribution!

There is NO WARRANTY, to the extent permitted by law. In particular, you may
LOSE ALL YOUR DATA as a side effect of the installation process. Furthermore,
it is 'beta' software, so it may contain bugs.

You have been warned. Thanks for being so brave.
")))
    (define (normal-tty tty)
      ;; Return a mingetty service for TTY that logs 'root' in automatically,
      ;; with 'login-pause?' enabled (tty1 below does not set it).
      (mingetty-service (mingetty-configuration (tty tty)
                                                (auto-login "root")
                                                (login-pause? #t))))

    (define bare-bones-os
      ;; Value obtained by loading the bare-bones template; it is used only as
      ;; a GC root, in the last element of the list below.
      (load "examples/bare-bones.tmpl"))

    ;; Physical console access is root access here: tty1 logs 'root' in with
    ;; no prompt.
    (list (mingetty-service (mingetty-configuration
                             (tty "tty1")
                             (auto-login "root")))

          (login-service (login-configuration
                          (motd motd)))

          ;; Documentation.  The manual is in UTF-8, but
          ;; 'console-font-service' sets up Unicode support and loads a font
          ;; with all the useful glyphs like em dash and quotation marks.
          ;; tty2 logs 'guest' in automatically and runs the program returned
          ;; by 'log-to-info' as the login program.
          (mingetty-service (mingetty-configuration
                             (tty "tty2")
                             (auto-login "guest")
                             (login-program (log-to-info))))

          ;; Documentation add-on.
          %configuration-template-service

          ;; A bunch of 'root' ttys.
          (normal-tty "tty3")
          (normal-tty "tty4")
          (normal-tty "tty5")
          (normal-tty "tty6")

          ;; The usual services.
          (syslog-service)

          ;; The build daemon.  Register the hydra.gnu.org key as trusted.
          ;; This allows the installation process to use substitutes by
          ;; default.  Binaries signed with that key are therefore accepted
          ;; without a local build; the key is the trust anchor for
          ;; everything substituted during installation.
          (guix-service (guix-configuration (authorize-key? #t)))

          ;; Start udev so that useful device nodes are available.
          ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for
          ;; regulations-compliant WiFi access.
          (udev-service #:rules (list lvm2 crda))

          ;; Add the 'cow-store' service, which users have to start manually
          ;; since it takes the installation directory as an argument.
          (cow-store-service)

          ;; Install Unicode support and a suitable font.
          (service console-font-service-type
                   (map (lambda (tty)
                          (cons tty %default-console-font))
                        '("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))

          ;; To facilitate copy/paste.
          (gpm-service)

          ;; Add an SSH server to facilitate remote installs.
          ;;
          ;; NOTE(review): root login and password authentication are both
          ;; enabled on port 22, and nothing in this list defers starting the
          ;; server (presumably it starts at boot; confirm).  The only gate
          ;; visible here is 'allow-empty-passwords? #f'.  'installation-os'
          ;; passes #:allow-empty-passwords? #t to 'base-pam-services', so
          ;; this sshd-level setting is presumably what keeps the empty root
          ;; password from working remotely; confirm against how sshd's PAM
          ;; stack is built.  Once a root password is set, its strength is
          ;; the sole barrier on the network the installer is attached to;
          ;; public-key-only authentication would remove that exposure.
          (service openssh-service-type
                   (openssh-configuration
                    (port-number 22)
                    (permit-root-login #t)
                    ;; The root account is passwordless, so make sure
                    ;; a password is set before allowing logins.
                    (allow-empty-passwords? #f)
                    (password-authentication? #t)))

          ;; Since this is running on a USB stick with an overlayfs as the
          ;; root file system, use an appropriate cache configuration.
          (nscd-service (nscd-configuration
                         (caches %nscd-minimal-caches)))

          ;; Having /bin/sh is a good idea.  In particular it allows Tramp
          ;; connections to this system to work.
          (service special-files-service-type
                   `(("/bin/sh" ,(file-append (canonical-package bash)
                                              "/bin/sh"))))

          ;; Keep a reference to BARE-BONES-OS to make sure it can be
          ;; installed without downloading/building anything.
          (service gc-root-service-type (list bare-bones-os)))))
280
;; Greeting assigned to the 'issue' field of 'installation-os'.
(define %issue
  "\nThis is an installation image of the GNU system. Welcome.\n\nUse Alt-F2 for documentation.\n")
288
(define installation-os
  ;; The operating system used on installation images for USB sticks etc.
  ;;
  ;; Accounts and authentication as declared here: a 'guest' user with an
  ;; empty password, PAM configured to accept empty passwords, and 'passwd' as
  ;; the only setuid program.  Console and SSH access are defined by
  ;; %installation-services.
  (operating-system
    (host-name "gnu")
    (timezone "Europe/Paris")
    (locale "en_US.utf8")
    (bootloader (grub-configuration (target "/dev/sda")))
    (file-systems
     ;; Note: the disk image build code overrides this root file system with
     ;; the appropriate one.
     (cons* (file-system
              (mount-point "/")
              (device "GuixSD_image")
              (title 'label)
              (type "ext4"))

            ;; Make /tmp a tmpfs instead of keeping the overlayfs.  This
            ;; originally was used for unionfs because FUSE creates
            ;; '.fuse_hiddenXYZ' files for each open file, and this confuses
            ;; Guix's test suite, for instance (see
            ;; <http://bugs.gnu.org/23056>).  We keep this for overlayfs to be
            ;; on the safe side.
            (file-system
              (mount-point "/tmp")
              (device "none")
              (title 'device)
              (type "tmpfs")
              (check? #f))

            ;; XXX: This should be %BASE-FILE-SYSTEMS but we don't need
            ;; elogind's cgroup file systems.
            (list %pseudo-terminal-file-system
                  %shared-memory-file-system
                  %immutable-store)))

    ;; NOTE(review): 'guest' has an empty password and is in 'wheel'.  The
    ;; setuid list below contains only 'passwd'; if sudo is not made setuid
    ;; elsewhere, the 'wheel' membership has no effect.  Confirm which is
    ;; intended.
    (users (list (user-account
                  (name "guest")
                  (group "users")
                  (supplementary-groups '("wheel")) ; allow use of sudo
                  (password "")
                  (comment "Guest of GNU")
                  (home-directory "/home/guest"))))

    (issue %issue)
    (services %installation-services)

    ;; We don't need setuid programs, except for 'passwd', which can be handy
    ;; if one is to allow remote SSH login to the machine being installed.
    (setuid-programs (list (file-append shadow "/bin/passwd")))

    (pam-services
     ;; Explicitly allow for empty passwords.  This applies to the services
     ;; returned by 'base-pam-services'; the OpenSSH server in
     ;; %installation-services separately sets 'allow-empty-passwords? #f'.
     (base-pam-services #:allow-empty-passwords? #t))

    (packages (cons* (canonical-package glibc) ;for 'tzselect' & co.
                     parted gptfdisk ddrescue
                     grub                  ;mostly so xrefs to its manual work
                     cryptsetup
                     mdadm
                     dosfstools            ;mkfs.fat, for the UEFI boot partition
                     btrfs-progs
                     openssh    ;we already have sshd, having ssh/scp can help
                     wireless-tools iw wpa-supplicant-minimal iproute
                     ;; XXX: We used to have GNU fdisk here, but as of version
                     ;; 2.0.0a, that pulls Guile 1.8, which takes unreasonable
                     ;; space; furthermore util-linux's fdisk is already
                     ;; available here, so we keep that.
                     bash-completion
                     nvi                   ;:wq!
                     %base-packages))))
359
;; The file's last expression evaluates to the operating system, so that
;; 'guix system' can consume the result of loading this file directly.
installation-os
362
363;;; install.scm ends here